Elevate Credit International Limited (“Elevate”) is committed to safeguarding the privacy of your personal data.
Elevate is registered with the Information Commissioner’s Office (ICO) under registration number Z8907456.
We operate in the UK so if you choose to use our website from outside the UK, you do so at your own risk. This
website is not targeted at customers outside the UK.
This Policy was created in May 2018 and provides information in respect of how we and others use your personal data.
Elevate Credit International Limited, is registered in England at KPMG LLP, 15 Canada Square, Canary Wharf, London, E14 5GL, under
company number 05041905.
If you want ask us about our use of your personal data please contact us at email@example.com
We want to try and make it as clear as possible what it is you are agreeing to when you provide your personal data
When you apply for a loan with us or you provide personal information in respect of someone else’s loan application,
you will be asked provide us with information (including name, address, phone number(s), email address, date of
birth, income and expenditure information, bank and debit card details). This, and any other information from which
you may be identified constitutes personal data.
You may also provide personal data when you speak with our customer services representatives or you update your
online account information (My Account).
This policy sets out the basis upon which we will use, store, collect, disclose and transfer (individually or
collectively referred to as processing) your personal data. It sets out
We may need to update this Policy at any time and without notice and when we do this we will inform you via your
online account and/or by email.
When you make an online application we ask you to provide a lot of personal data.
We need the personal data you provide to perform our contract with you, and more specifically for the reasons set
out below, including to conduct checks prior to granting a loan, to complete the loan agreement with you, to manage
your loan account and to collect payments and/or recover debt. We will also use it to contact you.
Credit Reference Agencies & Fraud Prevention Agencies
We will share your personal data with credit reference agencies (CRAs) and fraud prevention agencies (FPAs) as part
of the regulatory requirements placed on us, to conduct creditworthiness and affordability assessments before
entering into an agreement with you and to prevent financial crime.
The personal information we have collected from you will be shared with FPAs who will use it to prevent fraud and
money-laundering and to verify your identity. If fraud is detected, you could be refused finance. Further details of
how your information will be used by us and these FPAs, and your data protection rights, can be found
Your personal data is also used for:
- managing your account;
- verifying the accuracy of the data you have provided to us;
- debt recovery and debtor tracing.
All of the above processes are required for the performance of our contract.
These CRA and FPA searches will be recorded. Other credit providers may search these records. Your information may
be linked to others living at your address. We may disclose information about how you conduct your account to third
parties. We have a legitimate business interest to conduct this type of processing.
We are obligated to provide details back to CRAs and FPAs to inform them of the performance and repayment history of
the loan account and suspected or discovered fraud. If you provide false information and/or we suspect fraud we will
record this and may report our suspicions to appropriate law enforcement agencies.
We may continue to receive and exchange personal data with CRAs while you have a relationship with us. Please see
the Account management section below.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they
use and share personal information, data retention periods and your data protection rights with the CRAs are
explained in more detail and is accessible from each of the three CRAs. By clicking on any of these three links you
will be taken to the same document:
We use your personal data to help us manage your loan account with us, this includes personal data you may amend if
you update your online account.
Whilst your loan account remains active (whether or not you have an outstanding loan balance), we receive account
management data from CRAs and FPAs to help us make decisions as to whether to make additional funds available for
you to borrow. We have a legitimate interest in undertaking this process.
We may also share your personal data with third parties to assist in the collection of repayments and recovery of
debt and/or if we assign the loan agreement to debt purchasers or if we were to sell our business.
We use your personal data to undertake periodic statistical analysis and/or to ensure the suitability of existing
and future products and services. This also helps us to better understand our customers' requirements so we can
develop, improve and test products and services. This processing is undertaken as a legitimate interest of the
When you contact us
When you correspond with us by phone or e-mail you may also provide personal data. We use this to manage your loan
application, your loan account and to respond to any questions or concerns you may have. Phone calls are recorded in
the legitimate interests of our business quality and security standards.
Browsing patterns, interaction with our website and your equipment
Each time you visit our website, certain technical data about you is collected. In some cases this is collected by
us and in some cases this is collected by third parties. This includes details about your equipment, browsing
actions and patterns.
certain preferences. It also explains when third parties collect data and how you can manage that.
Third Parties Service Providers
Credit References Agencies & Fraud Prevention Agencies: Sometimes we
obtain personal data from, and share personal data with CRAs and/or FPAs, to assist us and CRAs and in creating
and/or improving risk models. We only use third party data if the relevant consent has been provided.
Payment services providers: Sometimes other businesses give us personal
data about you which we
may need for our
legitimate interests of conducting business with you, and on occasion they are necessary to perform our contract
with you. This happens when we link through to third party payment providers. They tell us whether you have/have
not made payments.
Debt management companies, Insolvency Practitioners & CMCs: We are
under a legal obligation to
work with third
parties to whom you have provided authority to act on your behalf. In so doing they may provide us with
information about you and may request information about you.
Third party contractors/service providers: We may also engage third
party contractors to provide us with technical or delivery services that are related to your loan account with
us. We need these providers to provide us with their services for our legitimate interests of operating our
business and our website effectively.
A list of third party contractors/service providers we engage to handle your personal data can provided on
Consumer research: We may use third party providers to undertake
consumer research to assist us
consumer needs and preferences, so we can improve or develop our products and services and also so we ensure we
target appropriate consumers.
Consumer feedback & Reviews: We may send you an email to participate in
providing feedback or
reviews via third
parties such as TrustPilot and NPS. We do not share your personal data with them. If you participate please
check their respective privacy policies.
Direct Marketing: We may use third parties to send direct marketing
material on our behalf, to
our customers or
to target consumer audiences. Our use of third parties to distribute marketing is in the legitimate interests of
our business. In all cases we ensure you have been given the opportunity to inform us that you do not want to
receive marketing from us.
In the event of conflict with any other clauses, this clause shall prevail.
What is Open Banking?
Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose.
Registered providers and participating banks and building societies are listed under the Open Banking Directory.
Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.
As a forward thinking lender, we support the use of Open Banking as it allows us to process loan applications more efficiently, securely and in our consumer’s best interests.
By permitting access to your bank or building society account information we are able to make a more informed lending decision as we shall be able to verify your income, outgoings and other matters more efficiently in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.
Further information about Open Banking is available from www.openbanking.org.uk.
How will my personal data be shared and used for the purposes of Open Banking?
By proceeding with your loan application via our website you expressly consent to us sharing your personal, contact and loan application details (“the Shared Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited (“PDS”) who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the Permitted Purpose”).
Further information about PDS including their registered provider and regulatory status is available from www.lendingmetrics.com.
Is Open Banking secure?
PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.
We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.
You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.
How will my Shared Personal Data and Transaction Information be used?
PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.
As PDS are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.
Will you use my Transaction Information data for any other purpose?
The Transaction Information we receive about you will only be used for the Permitted Purpose. We do not sell or share Transaction Information with any third party.
Do I have to provide you with my consent to proceed?
Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.
Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.
We may also share your personal data with professional advisers such as our lawyers and insurers to manage risks and
legal claims. This is in our legitimate interests.
We may also enter partnerships with third parties to exchange information about you where we think it will give you
an opportunity to get a great product or service but we will always inform you about this and ask for your express
permission to participate in this.
We may provide suppliers of analytical services or advertising network and search engine providers with aggregate
information about our users to help them reach certain demographics. We do not disclose information that identifies
you as an individual.
Sometimes our website will use third party websites to make your log in easier (such as Facebook). Please be aware
that by choosing to log in this manner, this connects your profile on that third party website with your profile on
We may also share your personal data with third party social media platforms (such as Facebook) in order to show you
Please refer to our
We may also provide these platforms with your email address to create ‘audiences’ of users fitting within a certain
demographic/category so that we can target our marketing. The Facebook GDPR Portal explains these services in more
detail. This use is in our legitimate interests of sending you direct marketing. Our
If we offer you the opportunity to invite a friend to try our products using the contacts from a social network
service (e.g. your Facebook friends or Gmail contacts then we will only do so with your permission and will only use
those contacts for that purpose.
We may share your personal data within our group of companies in order to improve our products and services and
because some of our internal support services are shared across the group. This is in our legitimate interests. Our
parent company is Elevate Credit Inc. and they are based in the US. We have an inter-company agreement in place
which requires our parent company to ensure that the appropriate safeguards are in place.
It is possible we could sell our business to a third party or re-organise our business or become insolvent. In that
scenario, our database of customers is one of the biggest parts of that business and so we would need to share it
with the third-party buyer and their advisers. This is in the legitimate interests of selling our business.
Law Enforcement/Legal Compliance:
We will co-operate with all third parties to enforce their intellectual property or other rights. We will also
cooperate with law enforcement requests from within or outside your country of residence. This may include
disclosing your personal information to government or law enforcement agencies, or private parties, when we have a
good faith belief that disclosure is required by law or when we, in our discretion, believe that disclosure is
necessary to protect our legal rights, or those of third parties and/or to comply with a judicial proceeding, court
order, fraud reduction or legal process served on us. In such cases, we may raise or waive any legal objection or
right available to us. These uses of your personal data are in our legitimate interests of protecting our business
security. We may also use your personal data and share it with the recipients listed in this policy for the purpose
of complying with our legal obligations.
We only send electronic marketing such as email or SMS marketing to people who have provided the relevant consent
for us to do so. We will always offer an unsubscribe facility so you can opt out of receiving this marketing when
you first make a loan application and in every marketing communication afterwards. We may on occasion send out
postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we
will rely on you to let us know if you do not want to receive this by opting out of the marketing. To opt-out please
email us at firstname.lastname@example.org
You also give us personal data such as contact information when you enter one of our competitions. In these
circumstances you are giving us these details to participate. These functions only operate on our website on an
opt-in basis and so we rely on your consent to use your personal data in this way.
You also give us your personal data when you participate in discussion boards or other social media functions which
we may use from time to time on our website. Operating these discussion boards allows you to share your views with
our other customers. This processing of data is in the legitimate interests of the business.
In the majority of cases our lending decisions rely solely on automated decision making and we have a legitimate
interest in doing so as our business is solely online and requires decisions to be made consistently and in respect
of a number of data points, to ensure we lend responsibly and have undertaken affordability and creditworthiness
assessments, in accordance with regulatory requirements.
The personal data that we collect from you will be stored in the UK, however it will also be transferred and stored
We use the following ‘cloud providers’ to provide us with technical solutions. These include Microsoft Azure and
Amazon Web Servers (AWS). Their GDPR portals explain where they store the personal data we provide to them and
how they provide us with adequate safeguards to protect your personal data.
We provide personal data to our parent company. These transfers occur in accordance with an inter-company
transfer agreement between the companies.
We only store your personal data for as long we need it. Details of our records retention policy is available upon
request. To determine the appropriate period we consider the nature of the personal data, its sensitivity, the
potential for harm and the regulatory requirements placed upon us. We may delete your personal data on your request
– please refer to
Your Rights and we may hold a list of the ‘opt out’ requests to record
You may provide us with following special categories of personal data. This is required for the performance of the
contract. Card details are encrypted. Other information is held securely.
- bank records;
- card details;
- utility bills;
- identification records;
- information pertaining to your health; and
- information concerning your financial status.
All information you provide to us is stored on our servers and we have implemented reasonable and appropriate
security measures to protect your personal data including limiting access to key personnel and utilising user names,
passwords, encryption and anonymisation where appropriate. Unfortunately, the transmission of information via the
internet is not completely secure and we cannot guarantee that data breaches will never occur. Please keep your
password safe at all times and log out of inactive sessions. Our website may, from time to time, contain links to
and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these
websites, please note that these websites have their own privacy policies and that we do not accept any
responsibility or liability for these policies. Please check these policies before you submit any personal data to
these websites. Please do not provide us with any other person’s data unless we have specifically prompted you to do
For safety purposes, we may require users to verify their accounts (because we want to make sure you are not a robot
or a minor). However, with the prevalence of ‘phishing’ you should treat all such emails with caution. We advise
that you check our main website by typing in the full address (and not using a ‘cached’ copy of the website on your
device) and use the contact details on our website to contact us to verify the request. We also do not recommend
that you put email addresses, URLs, phone numbers, full names or addresses, credit card details or other identifying
or sensitive information in any online chat function or public profile.
Our products are not aimed at children and neither is our website.
You have various rights under law that assist you with verifying our lawful use of your personal data.
Please refer to our policy for further information here
You may complain to your local supervisory data protection authority about us depending on where you are located. In
the UK, please read: https://ico.org.uk/make-a-complaint/
for details of how to do this.